Hi, On Sat, 22 Nov 2003 19:56:07 -0800 John Oliver <[EMAIL PROTECTED]> wrote:
> On Sat, Nov 22, 2003 at 06:24:38PM -0800, Robert Menschel wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Hello John, > > > > Saturday, November 22, 2003, 4:24:01 PM, you wrote: > > > > JO> I started using the default setting of 5 in user_prefs. This caught > > JO> *very* little spam. Most of the Swen virus emails, for example, > > JO> still get through with scores of about 2.something But marking as > > JO> spam at 2.5 is already causing too much collateral damage for mailing > > JO> lists. I have to be missing something really big and important > > JO> here... :-) > > > > 1) The Swen virus is not spam. It should be caught by anti-virus > > software, not by anti-spam software. > > It's email that I don't want. It has a predictable From: and/or > Subject: and so should be able to be scored very high. Spam != "mail I don't want" so SpamAssassin is the wrong tool for detecting this. Now some people will take the approach that spam == "unsolicited bulk email" and since email viruses meet all three criteria, they're spam too, albeit non-traditional spam. SA defends against traditional spam (non-malware UBE), leaving tools like ClamAV, Sophos, Norton, etc. to handle viruses. Still, SA can detect MS executables which are viruses in the vast majority of cases, so you use SA as a weak AV filter if you really want. As noted before, change score MICROSOFT_EXECUTABLE 0.100 to score MICROSOFT_EXECUTABLE 10 in either ~/.spamassassin/user_prefs or /etc/mail/spamassassin/local.cf This may have unintended consequences, marking all Windows executable attachments as spam. Personally, I don't worry much about it because a) I serve very few users, and b) I unilaterally set policy on my servers, so I just reject all Microsoft executable attachments at the MTA level with Postfix. End of MS virus problem. Rationale': Nobody sends me legitmate executables and on the off chance they needed to send me one, they can zip the damn thing up first. If they can't figure out how to do that, then they probably don't have any business sending me executable code in the first place. > > Do you have the default network tests turned on? They are VERY useful in > > catching spam which otherwise scores very low against the default rule > > set. > > Apparently not. It looks to me like something has to be done other than > install SA to make them go, and I'm working on figuring that out now... > :-) What does spamassassin -D -t < /path/to/spamassassin/installation/sample-nonspam.txt 2>&1 | egrep -i rbl give you? I get: debug: RBL: success for 41 of 41 queries > > Do you have Bayes turned on? Bayes is a life saver here. > > I have no idea. How would I know? Run sa-learn --dump | head and verify either nspam, nham, or ntokens > 0. You need both nspam and nham to each be > 200 for Bayes to work; read up on sa-learn for more info. hth, -- Bob ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk